From 97cb9926abcc8bcea89e7a493daabe505ba98037 Mon Sep 17 00:00:00 2001
From: Joey Zhao <5253430+joeyzhao2018@users.noreply.github.com>
Date: Thu, 9 Apr 2026 09:49:42 -0400
Subject: [PATCH 1/2] fix CVE-2026-32874 and CVE-2026-32875
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index f289867c..3d6a4541 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -33,7 +33,7 @@ ddtrace = [
 {version = ">=3.19.1,<4", python = ">=3.8,<3.10"},
 {version = ">=4.1.1,<5,!=4.6.*", python = ">=3.10"}
 ]
-ujson = ">=5.9.0"
+ujson = ">=5.10.0"
 botocore = { version = "^1.34.0", optional = true }
 requests = { version ="^2.22.0", optional = true }
 pytest = { version= "^8.0.0", optional = true }
From c3fc366ef106d46800a54cdf172b5148bb9035fc Mon Sep 17 00:00:00 2001
From: Joey Zhao <5253430+joeyzhao2018@users.noreply.github.com>
Date: Thu, 9 Apr 2026 11:08:07 -0400
Subject: [PATCH 2/2] split the ujson constraint by Python version
---
 pyproject.toml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 3d6a4541..ec95a738 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -33,7 +33,10 @@ ddtrace = [
 {version = ">=3.19.1,<4", python = ">=3.8,<3.10"},
 {version = ">=4.1.1,<5,!=4.6.*", python = ">=3.10"}
 ]
-ujson = ">=5.10.0"
+ujson = [
+ {version = ">=5.10.0,<5.12.0", python = ">=3.8,<3.10"},
+ {version = ">=5.12.0", python = ">=3.10"}
+]
 botocore = { version = "^1.34.0", optional = true }
 requests = { version ="^2.22.0", optional = true }
 pytest = { version= "^8.0.0", optional = true }
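Review bot: In the second patch's hunk, the `python = ">=3.8,<3.10"` entry caps ujson at `<5.12.0` while the `>=3.10` entry requires `>=5.12.0`, and nothing in pyproject.toml records which ujson release actually carries the fixes for CVE-2026-32874 and CVE-2026-32875. If the fixes only ship from 5.12.0 (the raised floor for 3.10+ suggests this, but the patch does not say), installs on Python 3.8 and 3.9 can never resolve to a fixed release even though patch 1's subject claims the CVEs are fixed. I would add a comment above the table, for example `# ujson: CVE-2026-32874/-32875 fixed in <FIXED_VERSION>; 3.8/3.9 capped <5.12.0 because <REASON>`, so the next reader does not have to infer it from the bounds. If the older range turns out to be unfixed, the commit message and release notes should state that residual exposure for those interpreters rather than imply full coverage.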